This document describes how to configure Wonderland to authenticate users when they attempt to log in. By default, Project Wonderland
does not require users to authenticate to the server (that is, they do not need to enter a password). An administrator can configure
Wonderland to use one of the two supported methods of authentication: file-based authentication and LDAP-based authentication.
Configuring file-based authentication
File-based authentication is the most simple authentication method in Wonderland: user IDs and their passwords are stored in a file,
which can be updated by the administrator.
Enabling file-based authentication
To enable file-based authentication, edit the WonderlandMain.cfg file. This file is located in two different places depending upon
whether you are working with the binary distribution or source distribution of Project Wonderland:
src/darkstar_config/WonderlandMain.cfg if using the source distribution
config/WonderlandMain.cfg if using the binary distribution
Uncomment the following lines in WonderlandMain.cfg:
This will enable password authentication based on the password file in the given location relative to the lg3d-wonderland directory. The Wonderland server must be restarted for the change to take effect.
Adding and removing users in the password file
Passwords in the password file are stored using an MD5 hash. A tool is provided to add a new user to the file.
If you are using the binary release, use the following command to add to the password file:
where <install directory> is the directory in which your binary distribution is installed.
If you are using the source release, use the following command to add to the password file:
Replace <username> and <password> in the commands above with the desired username and password to add. The password file
itself is found at data/Wonderland/passwords with respect to the base Wonderland directory.
To remove a user, simply edit the password file in data/Wonderland/passwords and remove the line containing the desired username.
Configuring password file authentication for the Server Master Client
If you plan to run the Server Master Client (SMC), you should also use the above technique to add to the password file the user name and password of the SMC.
The user name of the SMC is ServerMasterClient. By default, the password of the SMC is guest. If you wish to use a different
password then you must do the following. (For the purposes of this example the SMC password we will use is MySMCPassword).
If you are using the binary release, use the following command to add to the password file:
Then create a plain text file on the system on which you run the SMC and place the SMC password in this file as the first line followed by ENTER.
For example, you could put this password in the file lg3d-wonderland/data/Wonderland/smc_password. The first line would contain the text MySMCPassword.
Finally, you must create a property which points to the file in which you put your SMC password. You must add the following property
to your SMC's my.run.properties file (if you are using the binary release) or your my.build.properties file (if you are using the source tree).
smc.password.file=data/Wonderland/smc_password
Configuring LDAP-based authentication
LDAP authentication can be used to authenticate users against an LDAP database, typically used for corporate authentication. There are many freely available and
open source LDAP servers, such as the OpenDS project.
To enable LDAP-based authentication, edit the WonderlandMain.cfg file. This file is located in two different places depending upon
whether you are working with the binary distribution or source distribution of Project Wonderland:
src/darkstar_config/WonderlandMain.cfg if using the source distribution
config/WonderlandMain.cfg if using the binary distribution
Uncomment the following lines in WonderlandMain.cfg:
Replace the value of the directory property with your LDAP server's hostname, for example ldaps://sun-directory.sun.com. You must also replace the base-dn, which is the root of the directory tree to search, with the correct base for your LDAP server.
In addition to the properties above, you may set the following optional properties (as specified in the Javadoc for org.jdesktop.lg3d.wonderland.darkstar.server.auth.LDAPAuth):
The LDAP filter to search for user names, for example "employeenumber=%s", where %s will be substituted with the user name used for authentication. The default is "uid=%s"
The attribute in the directory that represents the email address. Default is "mail".
Configuring LDAP authentication for the Server Master Client
You can also use LDAP to configure a password for the Server Master Client. To do this, the LDAP system must contain a password for user ServerMasterClient.
You must create a plain text file on the system on which you run the SMC and place the SMC password in this file as the first line followed by ENTER.
For example, you could put this password in the file lg3d-wonderland/data/Wonderland/smc_password. The first line would contain the text MySMCPassword (for example).
Finally, you must create a property which points to the file in which you put your SMC password. You must add the following property
to your SMC's my.run.properties file (if you are using the binary release) or your my.build.properties file (if you are using the source tree).